Jason L. Martin
Copyright
Acquiring Editor: Chris Katsaropolous
Development Editor: Heather Scherer
Project Manager: Priya Kumaraguruparan
Designer: Alan Studholme
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright 2012 ELSEVIER, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-735-0
Printed in the United States of America
12 13 14 15 10 9 8 7 6 5 4 3 2 1
For information on all Syngress publications visit our website at www.syngress.com
Dedication
Jason:
I would like to dedicate this book to my Mom for always supporting me, my Wife for being so understanding when I try to do too many things at once and never holding it against me, and for Carter who was too young to care but would come by and tap on my keyboard while I tried to work on the book.
Ryan:
I would like to dedicate this book to my father, Gilbert; my mom, Hedy; my sister, Iquit; my brother, Herbert.
Acknowledgements
Jason would like to thank his co-author Mark Ryan Talabis for all his support, patience and hard work. Also, in no particular order: his co-workers at Secure DNA for providing input into the process; Ernest Shiraki Jr. for supporting the idea of putting this book together; Evan Wheeler for his insight and feedback during the editing process; and finally his wife and son, Kaleen and Carter Martin, for being understanding when working on the book took away valuable time that he could have been spending with them.
Ryan would like to thank his co-author Jason Martin for making all of this possible. And to everyone who, in one way or another, played a part in this book: Joanne Robles, Heather Scherer, Evan Wheeler, Daisy del Moral, Carlo Monteverde, Joseph Tee, Aldwin Mamiit, Jiffy Armas, John Ruero, Dr. John Paul Vergara, Dr. Joe Santiago, Yvonne Feng, Lorenzo Sy, Benjamin Reodica Jr, Fedeliza Talabis Reodica, Anne Michelle Santos, Rosario Acierto, Howard Van De Vaarst III, Ernie Shiraki, Secure-DNA, Harvard University Extension School, Ateneo de Manila University, University of Santo Tomas, San Beda Alabang and last but not the least, my family: Gilbert, Hedy, Iquit and Herbert Talabis.
About the Technical Editor
In the IT and Security industries for over 15 years, Evan Wheeler is accustomed to advising clients on all aspects of information assurance. Specializing in risk management, digital forensic investigations, and security architecture development, he offers an expert insight into security principles for both clients and security professionals. Evan currently is a Director of Information Security for Omgeo (A DTCC | Thomson Reuters Company), an instructor at Northeastern University, the author of the Information Security Risk Management course for the SANS Institute, and has published the popular book Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Previously he spent several years as a Security Consultant for the U.S. Department of Defense. More details about his work and several free resources are available at: http://www.ossie-group.org.
About the Authors
Mark Ryan M. Talabis is a Manager for the Secure DNA Consulting practice. Prior to joining Secure DNA he was a consultant in the Asian Development Bank (ADB). He has extensive experience in information security risk assessments, information security policy and program development, vulnerability assessments and penetration testing and has specialized expertise in security analytics and data mining as applied to information security. He has a Master's degree in Information Technology; Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); a GIAC Certified Incident Handler Certification (GCIH); a GIAC Security Essentials Certification (GSEC); Certified in Risk and Information Systems Control (CRISC); and a Microsoft Certified Professional (MCP) on SQL Server Administration. He has presented in various security and academic conferences around the world including Blackhat and Defcon and has a number of published papers to his name in various peer-reviewed journals. He is an alumni member of the Honeynet Project and is currently taking a Master of Liberal Arts (ALM) in Extension Studies in Harvard University.
Jason L. Martin is the President and CEO of Secure DNA, an Information Security Company that provides security solutions to companies throughout the United States and Asia. Prior to joining Secure DNA he was a Manager within KPMG's Information Risk Management group. In his professional services role Mr. Martin has successfully designed, implemented, and operated security programs for multi-billion dollar organizations within Hawaii and the US Mainland as well as provided subject matter expertise as an executive level security advisor to companies throughout the world. He is a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), and holds the designation as Certified in Risk and Information Systems Control (CRISC). He has advised Lawmakers on emerging cyber security risks and is working with legislatures to enhance state privacy laws. He is a frequent speaker and instructor at security and audit training events and seminars, is a founder of the Shakacon Security Conference, and is on the board of advisors for the Hackito Ergo Sum security conference in France. He is a former board member for the Hawaii chapter of ISACA and is a current board member for the Hawaii chapter of INFRAGARD.